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BACKGROUND 



1. Field 

The invention relates to the field of data security. In particular, the present 
invention relates to a method and apparatus for generating cryptographic keys using a key 
5 matrix. 



2. BACKGROUND ART 

In today's society, it is becoming more and more desirable to transmit digital 
information from one location to another in a manner that is clear and unambiguous to a 
10 legitimate receiver, but incomprehensible to any illegitimate recipients. Accordingly, 
such information is typically encrypted using one of two commonly used cryptographic 
techniques; public key cryptography and symmetric key cryptography. 

In symmetric key cryptography, a commonly possessed, symmetric key is used to 
encrypt and decrypt a message transmitted between a legitimate sender and a receiver. 

15 Such encryption and decryption is performed through well-known conventional 
algorithms such as Data Encryption Standard (DES). Although symmetric key 
cryptography is computationally simple, it relies on both parties maintaining the secrecy 
of the symmetric key. Also, the management of symmetric keys tends to be complex. 
Simply stated, if each sender needs a different symmetric key to communicate with each 

20 legitimate receiver, it is difficult, if not impossible, for use by businesses having a large 
number of employees. For example, in a business of 1000 employees, a maximum of 
499,500 (1000x999/2) keys would need to be managed, provided that each employee is 
capable of communicating with any another employee within the business. 
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In general, public key cryptography involves the use of a public key and a private 
key (collectively referred to as a "key pair") which are two separate, but related keys. 
Normally, the public key is publicly available and widely used for encrypting a message 
directed to the owner of the key pair. The private key is maintained in confidence and 
5 usually is used for decryption of incoming encrypted message. As a result, public key 
cryptography tends to be more secure than symmetric key cryptography, but it is more 
cumbersome and computationally intensive. The intense computations tend to prevent 
consumer electronic devices and other lower performance devices from using public key 
cryptography. 

10 Diffie-Hellman Key Exchange, a hybrid cryptographic technique developed in the 

late 1970s (U.S. Patent No. 4,200,770), allows two or more parties to exchange 
information over a public channel to form a secret that is known by all parties involved, 
but of which eavesdroppers cannot infer. While generation and use of the "secret" 
achieves the simplicity of symmetric key cryptography, its calculation is also 

1 5 computationally intensive. Diffie-Hellman involves the calculation of the secret through 
modular exponents over very large prime modular fields (e.g., 1024-bit binary numbers). 

On or around 1985, elliptic curve cryptography (ECC) was proposed. ECC 
involves the translation of cryptographic techniques from modular exponentiation to 
scalar multiplication over an elliptic curve over a finite field. ECC helped alleviate the 
20 mathematical strain of performing these cryptographic calculations on smaller-sized 
integers to provide, in theory, a comparable level of security as that of the modular 
exponentiation over much larger-sized prime fields. However, this is only a partial 
performance improvement over modular exponentiation, and it also adds further to the 
complexity of implementation due to the extensive mathematical calculations involved. 
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In light of the foregoing, it would be desirable to develop a cryptographic 
technique that provides the security advantages of public key cryptography without the 
disadvantages of being cumbersome and computationally intensive. Furthermore, it 
would be desirable for the cryptographic technique to seamlessly work with revocation 
protocols to protect the system from reverse-engineering attacks. 
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SUMMARY OF THE INVENTION 



Briefly, one embodiment of the invention is a method comprising providing a key 
matrix having N rows and M columns of matrix keys, where N>2 and M>2. For each 
column of the key matrix, arithmetic operations are performed on matrix keys of at least 
two selected rows of the key matrix to produce a first set of secret device keys. Then, a 
shared secret key is produced based on arithmetic operations on selected secret device 
keys of the first set of secret device keys. 
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BRIEF DESCRIPTION OF THE DRAWINGS 



The features and advantages of the present invention will become apparent from 
the following detailed description of the present invention in which: 

Figure 1 is an illustrative block diagram of an embodiment of a network featuring 
5 a certification authority dispensing keys produced from a key matrix. 

Figure 2 is an illustrative block diagram of the certification authority of the 
network of Figure 1. 

Figure 3 is an illustrative block diagram of a first embodiment of a two- 
dimensional key matrix. 

10 Figure 4 is an illustrative block diagram of a first secret device key set and a key 

selection vector provided to the first digital platform using the key matrix of Figure 3. 

Figure 5 is an illustrative block diagram of a second secret device key set and a 
key selection vector provided to the second digital platform using the key matrix of 
Figure 3. 

1 5 Figure 6 is an illustrative block diagram of a second embodiment of a two- 

dimensional key matrix. 

Figure 7 is an illustrative block diagram of a first secret device key set and a key 
selection vector provided to the first digital platform using the key matrix of Figure 6. 

Figure 8 is an illustrative block diagram of a second secret device key set and a 
20 key selection vector provided to the second digital platform using the key matrix of 
Figure 6. 
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Figure 9 is an illustrative block diagram of a third embodiment of a two- 
dimensional key matrix. 

Figure 10 is an illustrative block diagram of a first secret device key set provided 
to the first digital platform using the key matrix of Figure 9. 

5 Figure 1 1 is an illustrative block diagram of a second secret device key set 

provided to the first digital platform using the key matrix of Figure 9. 

Figure 12 is an illustrative block diagram of a secret device key set provided to 
the second digital platform acting as an information receiver using the key matrix of 
Figure 9. 

10 Figure 13 is an illustrative block diagram of an alternate secret device key set 

provided to the second digital platform acting as an information provider using the key 
matrix of Figure 9. 

Figure 14 is an illustrative block diagram of a matrix authentication scheme with 
revocation between the first digital platform and the second digital platform of Figure 1. 

15 Figure 15 is an illustrative block diagram of a matrix authentication scheme 

without revocation between the first digital platform and the second digital platform of 
Figure 1 . 
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DETAILED DESCRIPTION 



In brief, the present invention relates to a system and method for generating 
cryptographic keys using a key matrix. In the following description, numerous specific 
details are set forth in order to provide a thorough understanding of the present invention. 
5 It will be obvious to one skilled in the art, however, that the present invention may be 
practiced without these specific details. 

To clarify various characteristics and features of the present invention, certain 
terminology is used. For example, a "digital platform" is defined as any hardware with 
processing and internal data storage capabilities. Examples of digital platforms include, 

10 but are not limited or restricted to the following: computers (e.g., laptops, desktops, hand- 
helds, servers, mainframes, etc.), imaging equipment (e.g., printers, facsimile machines, 
scanners, digital cameras, etc.), set-top boxes (e.g., television control boxes for cable or 
satellite transmissions), wireless communication equipment (e.g., cellular phones, pagers, 
etc.), consumer electronic appliances and the like. A "channel" is generally defined as one 

15 or more pathways through which information may be transferred (directly, indirectly or 
broadcast) over information-carrying mediums such as, for example, electrical wire, fiber 
optic, cable, bus, plain old telephone system (POTS) line, wireless (e.g., satellite, radio 
frequency "RF\ infrared, etc.) or even a logical link. "Information" is defined as data, 
address, control or any combination thereof 

20 With respect to cryptography related terminology, the term "secure" indicates a 

state where it is not reasonably feasible for an unauthorized individual to access 
information in an non-encrypted format. A "key" is generally defined as an encoding 
and/or decoding parameter usually structured as a sequence of binary data. A "digital 
signature" includes digital information signed with a private key of its signatory to ensure 

25 that the digital information has not been illicitly modified after being digitally signed. 
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This digital information may be provided in its entirety or as a digest produced by a one- 
way hash function. The "one-way hash function" includes a function, mathematical or 
otherwise, that converts information from a variable-length to a fixed-length (referred to as 
a "digest"). The term "one-way" indicates that there does not readily exist an inverse 
5 function to recover any discernible portion of the original information from the fixed- 
length digest. Examples of a hash function include MD2 or MD5 provided by RSA Data 
Security of Redwood City, California, or Secure Hash Algorithm (SHA-1) as specified by 
the National Institute of Standards and Technology located in Washington, D.C. 

In addition, a "digital certificate" includes digital information used to authenticate 
10 a sender of information. For example, a digital certificate may include information 

concerning a person, entity or device being certified that is encrypted with the private key 
of a certification authority. Examples of a "certification authority" include an original 
equipment manufacturer (OEM), a software vendor, a trade association, a governmental 
entity, a bank or any other trusted business or person. 

1 5 Referring now to Figure 1 , an illustrative block diagram of an embodiment of a 

network 100 employing at least two digital platforms is shown. Network 100 includes a 
first digital platform 120 and a second digital platform 130 capable of establishing 
communications with certification authority 1 10 via channels 140 and 150, respectively. 
Platforms 120 and 130 can register with certification authority 1 10 in order to receive 

20 secret device keys therefrom. Each platform 120 or 130 can be classified as either (i) an 
information provider, or (ii) an information receiver, or (iii) a transceiver capable of 
operating as either an information provider or an information receiver. Of course, other 
classification schemes may be utilized so long as communicative platforms have 
compatible classifications. Also, first and second digital platforms 120 and 130 

25 communicate with each other via channel 160. 
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As shown in Figure 2, an embodiment of certification authority 1 10 is shown. 
Certification authority 110 comprises a digital platform that includes a processing unit 
200 and memory 210. In particular, processing unit 200 is any hardware having code 
processing capabilities such as, for example, a central processing unit, a microcontroller, 
5 a coprocessor, a state machine and the like. Processing unit 200 accesses information 
from memory 210. In one embodiment, memory 210 is volatile memory with data 
backed-up in non- volatile storage. Of course, it is contemplated that memory 210 may be 
implemented to operate as non-volatile memory to ensure that its contents are retained 
during a power-down condition. Thus, memory 210 may include, for example, (i) read 
10 only memory (ROM), (ii) any type of programmable read only memory (PROM) such as 
erasable PROM (EPROM) or electrically erasable PROM (EEPROM), (lii) flash 
memory, or even (iv) battery-backed volatile memory. 

Memory 210 retains the certification authority's public key (PUKCA) 220, its 
private key (PRKCA) 230, and a multi-dimensional matrix 240 of matrix keys (K) 

15 arranged in grids (e.g., rows, columns, along z-axis, etc.) held in secret to be known only 
by certification authority 1 10 of Figure 1 . PUKCA 220 and PRKCA 230 are provided to 
support matrix key authentication schemes, not the formation of shared secret key 
"SECKEY". Currently, each key is 64-bits, although any bit size may be used (e.g., 32, 
128, 160,256,512, 1024...). For increased protection, PRKCA 230 and key matrix 240 

20 may be obfuscated by tamper-resistant software. The dimensions of key matrix 240 and 
length of the matrix keys correspond to the desired strength of security for network 100 
of Figure 1. 

In the event that key matrix 240 is a two-dimensional nxm matrix, for example, 
one matrix dimension (e.g., "n" rows) may be assigned to a first platform classification 
25 while the other matrix dimension (e.g., "m" columns) is assigned to a second platform 
classification. The "platform classifications" need only be something that can 
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differentiate participants of the authentication. Thus, the classification may be (1) 
information provider/information receiver; (2) multiple types of information providers; 
and (3) multiple types of information receivers and the like. Thus, if the first platform 
classification is an information provider, it would receive "m" secret device key sets 
5 created by performing arithmetic operations on the matrix keys situated in selected "p" 
rows (p<n) for each column. For this embodiment, the arithmetic operation involves 
modular addition, although exclusive-or (XOR) operations, non-modular addition or 
other operations may be used. Information receivers (second class), however, would 
receive "n" secret device key sets created by performing arithmetic operations on the 
10 matrix keys situated in selected "q" columns (q<m) for each row. For maximum security, 

"p" is equal to — and "q" is equal to — ; however, p or q may be any selected number of 
2 2 

rows or columns less than n or m, respectively (see Figure 6). 

Referring now to Figure 3, an illustrative block diagram of a first embodiment of 
key matrix 240 is shown. Key matrix 240 is a two-dimensional, nxm matrix with a first 

15 dimension (e.g., rows) 300 dedicated to a first platform classification (e.g., an 

"information provider" class) and a second dimension (e.g., columns) 310 dedicated to a 
second platform classification (e.g., an "information receiver" class). For clarity sake, 
key matrix 240 is represented as a 6x6 matrix; however, key matrix 240 normally 
comprises a larger-sized matrix, even a 40x40 matrix or larger. It is contemplated that 

20 the dedication of matrix dimensions for each class could be different. For example, 
columns and rows could be dedicated to the "information provider" and "information 
receiver" classes, respectively. 

For each digital platform, the certification authority generates a combination of 
rows or columns associated with key matrix 240. Preferably, the combination is unique, 
25 but uniqueness is not required. For example, in this embodiment, if the first digital 

platform is classified as an information provider, the certification authority generates a 



042390.P6526 



-10- 



WWS/wlr 



combination of rows, which is represented as a first key selection vector (KSV1) 320 for 
the first digital platform. Herein, KSV1 320 is equal to <2, 3, 5>. Based on KSV1 320, 
the certification authority generates a set of secret device keys (1 JSDKEY1 - 
1_SDKEY6) 330-335 and provides both KSV1 320 and the first set of secret device keys 
5 330-335 to the first digital platform. As shown in Figure 4, secret device keys 330-335 
are generated through modular addition (e.g., modulo 2 64 ) of matrix keys in the selected 
rows of key matrix 240 for each column. 

Referring back to Figure 3, if the second digital platform is classified as an 
information receiver, the certification authority generates a combination of columns 

10 associated with key matrix 240, which is represented as a second key selection vector 
(KSV2) 340. Herein, KSV2 340 is equal to <1, 3, 4>. Based on KSV2 340, certification 
authority generates a set of secret device keys (2_SDKEY1 - 2_SDKEY6) 350-355 and 
provides both KSV2 340 and the set of secret device keys 350-355 to the second digital 
platform. As shown in Figure 5, for each row, the second set of secret device keys 350- 

15 3 5 5 are produced through modular addition of the matrix keys of key matrix 240 
pertaining to those columns selected by KSV2 340. 

To secure channel 160 of Figure 1, the first and second digital platforms exchange 
KSV1 320 and KSV2 340. Hence, based on KSV2 340, the first digital platform creates 
a shared secret key (SECKEY) equivalent to the modular addition of 1JSDKEY1, 
20 1_SDKEY3 and 1_SDKEY4. Concurrently, based on KSV1 320, the second digital 

platform also produces SECKEY through modular addition of 2^SDKEY2, 2_SDKEY3 
and 2JSDKEY5. As shown in equation (1), SECKEY is determined to be the following: 

(1) SECKEY (at DPI) = (K21+K31+K51)+(K23+K33+K53)+ (K24+K34+K54) 

- (K21+K23+K24)+ (K31+K33+K34)+(K51+K53+K54) 



042390.P6526 



WWS/wlr 



Referring now to Figure 6, an illustrative block diagram of a second embodiment 
of key matrix 240 is shown. Key matrix 240 is a two-dimensional, nxm matrix with a 
first dimension (e.g., rows) 400 dedicated to the "information provider" class and a 
second dimension (e.g., columns) 410 dedicated to the "information receiver" class. For 
5 clarity sake, key matrix 240 is represented as a rectangular (4x5) matrix in lieu of a 
square (6x6) matrix as shown in Figure 3. 

Similarly, before providing keys to a digital platform, the certification authority 
generates a key selection vectors for that digital platform. For example, if the first digital 
platform is classified as an information provider, the certification authority generates a 

1 0 first key selection vector (KSV1) 420 to identify the selected combination of rows. 
Herein, KSV1 420 is equal to <2, 3> for example. Based on KSV1 420, certification 
authority generates a set of secret device keys (1_SDKEY1 - 1__SDKEY5) 430-434 and 
provides both KSV1 420 and a first set of secret device keys 430-434 to the first digital 
platform. As shown in Figure 7, secret device keys 430-434 are generated through 

1 5 modular addition on matrix keys in key matrix 240 that are associated with the rows 
selected by KSV1 420. 

Referring back to Figure 6, if the second digital platform is classified as an 
information receiver, the certification authority generates a combination of columns 
stored in a second key selection vector (KSV2) 440. Herein, KSV2 440 is equal to <2, 

20 3>. Based on KSV2 440, certification authority generates a second set of secret device 
keys (2_SDKEY1 - 2_SDKEY4) 450-453 and provides both KSV2 440 and secret device 
keys 450-453 to the second digital platform. Only four (4) secret device keys 450-453 
are provided in this example because key matrix 240 features four rows. As shown in 
Figure 8, secret device keys 450-453 are produced through modular addition of the matrix 

25 keys of key matrix 240 for those columns selected by KSV2 440. 
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To generate SECKEY, the first and second digital platforms still exchange KSV1 
420 and KSV2 440. Hence, based on KSV2 440, the first digital platform creates 
SECKEY equivalent to the modular addition of 1_SDKEY2 and 1_SDKEY3. Based on 
KSV1 420, the second digital platform generates SECKEY through modular addition of 
5 2_SDKEY2 and 2_SDKEY3. As a result, as shown in equation (2), SECKEY is 
calculated to be the following: 

(2) K22+K32+K23+K33 - SECKEY= K22+K23+K32+K33 

Referring now to Figure 9, an illustrative block diagram of a third embodiment of 
key matrix 240 is shown. Key matrix 240 is a two-dimensional, nxm matrix with a first 
10 dimension (e.g., rows) 500 dedicated to the "information provider" class and a second 
dimension (e.g., columns) 510 dedicated to the "information receiver" class. For clarity 
sake, key matrix 240 is symmetric and represented as a 4x4 matrix. 

Before providing keys into a digital platform, the certification authority generates 
key selection vectors for that digital platform. Likewise, these vectors may be unique to 

1 5 achieve better security. Since first digital platform is a transceiver in this embodiment, it 
would be required to store two sets of secret device keys. One set would be used when 
the first digital platform is functioning as an information provider and the other set would 
be used when functioning as an information receiver. In this embodiment, the 
certification authority assigns a first key selection vector (KSV1) 520, equal to <2, 3> 

20 when the first digital platform is functioning as an information provider. Also, the 

certification authority assigns a second key selection vector (KS V2) 540, equal to <2,4>, 
when the first digital platform functions as an information receiver. Of course, KSV1 and 
KSV2 may be equivalent for simplicity. 

Based on KSV1 520, the certification authority generates a set of secret device 
25 keys (1_SDKEY1 - 1_SDKEY4) 530-533 and provides both KSV1 520 and secret device 
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keys 530-533 to the first digital platform, As shown in Figure 10, the set of secret device 
keys 530-533 are produced through modular addition on the matrix keys of key matrix 
240 for rows selected by KSV1 520. 

Based on KSV2 540, the certification authority also produces a set of secret 
5 device keys (1_SDKEY5 - 1_SDKEY8) 550-553 and provides both KSV2 540 and secret 
device key sets 550-553 to the first digital platform for use when acting as an information 
receiver. As shown in Figure 1 1, secret device keys 550-553 are generated through 
modular addition on the matrix keys of key matrix 240 for columns selected by KSV2 
540. 

10 Thereafter, if the second digital platform is classified as an information receiver, 

the certification authority generates a third key selection vector (KSV3) 560. Herein, 
KSV3 560 is equal to <2, 3>. Based on KSV3 560, the certification authority generates a 
set of secret device keys (2_SDKEY1 - 2_SDKEY4) 570-573 and provides both KSV3 
560 and secret device keys 570-573 to the second digital platform. As shown in Figure 

15 12, secret device keys 570-573 are produced through modular addition on the matrix keys 
of key matrix 240 for columns selected by KSV3 560. 

To generate SECKEY, KSV1 520 and KSV3 560 are exchanged between the first 
and second digital platforms. Hence, based on KSV3 560, the first digital platform 
creates a shared secret key (SECKEY) equivalent to the modular addition of 1_SDKEY2 
20 and 1_SDKEY3. Based on KSV1 520, the second digital platform generates SECKEY 
through modular addition of 2 SDKEY2 and 2_SDKEY3, where SECKEY is determined 
as follows: 

K22+K32+K23+K33 - SECKEY= K22+K23+K32+K33 
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If the second digital platform is alternatively classified as an information provider 
as shown by dashed lines, the certification authority would have generated a fourth key 
selection vector (KSV4) 580. Herein, KSV4 580 is equal to <2, 3>. Based on KSV4 
580, certification authority generates a set of secret device keys (2JSDKEY5 - 
5 2_SDKEY8) 590-593 and provides both KSV4 580 and secret device keys 590-593 to the 
second digital platform. As shown in Figure 13, secret device keys 590-593 are 
generated by performing modular addition on the matrix keys of key matrix 240 for 
columns selected by KSV4 580. 

To generate the shared secret key for providing a secure channel, KS V2 540 and 
1 0 KSV4 580 are exchanged between the first and second digital platforms. Hence, based 
on KSV4 580, the first digital platform creates a shared secret key (SECKEY) equivalent 
to the modular addition of 1__SDKEY6 and 1_SDKEY7. Based on KSV2 540, the second 
digital platform generates SECKEY through modular addition of 2 SDKEY6 and 
2__SDKEY8. The SECKEY is determined as follows: 

1 5 K22+K24+K32+K34 = SECKEY= K22+K32+K24+K34 

Referring back to Figure 1, when digital platforms 120 and 130 are in compatible 
classes (e.g., one platform functioning as an information provider while the other 
platform functioning as an information receiver) and decide to inter-operate, both digital 
platforms 120 and 130 undergo a matrix authentication scheme, namely either a matrix 
20 authentication with revocation (see Figure 14) or a matrix authentication without 
revocation (see Figure 15). During the matrix authentication scheme, various secret 
device key sets of each digital platform 120 and 130 are used produce a shared secret key 
used to secure channel 160. 

Referring now to Figure 14, an illustrative embodiment of a matrix authentication 
25 with revocation scheme between first digital platform 120 and second digital platform 
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130 is shown. In this embodiment, first digital platform 120 sends an authentication 
request 600 to second digital platform 130. Authentication request 600 comprises a 
random number (Rl) 610, a digital certificate (CERT1) 620 and a key selection vector 
associated with first digital platform (KSV1) 630. KSV1 630 comprises information to 
5 indicate the combination of rows or columns selected for first digital platform 120. Rl 
610 is a random number used to prevent replay. In this embodiment, CERT1 620 
comprises KSV1 630, a device identification (DEVID) 640 and possibly other values for 
first digital platform and a digital signature 650, all of which certified by PRKCA 220. 
Digital signature 650 comprises a hash result 660 of KSV1 630 and DEVID 640 after 
1 0 undergoing a one-way hash function and the hash result 660 being digitally signed with 
PRKCA 220. 

Upon receiving authentication request 600, second digital platform 130 
authenticates first digital platform 120 by recovering KSV1 630, DEVID 640 and digital 
signature 650 because PUKCA 220 is widely available. DEVID 640 is used by second 
15 digital platform 130 to determine whether first digital platform 120 is authorized to 
communicate in a secure fashion with second digital platform 130 by checking the 
revocation list. If so, KEY1 670 is generated based on KSV1 630 provided by first 
digital platform 120. If not, the authentication request is ignored. 

Thereafter, second digital platform 130 provides a random number (R2) 680 and 
20 its selection vector (KSV2) 690 to first digital platform 120. From that, first digital 

platform 120 creates KEY2 700 and a check hash value (CV) 710. CV 710 is equivalent 
to a hash operation performed on the concatenation of KEY2 700, Rl 610 and R2 680. 
CV 710 is provided to second digital platform 130 and compared with a resultant value of 
a hash of KEY1 670, Rl 610 and R2 680. If CV 710 matches the resultant hash value, 
25 both KEY1 and KEY2 670 and 680 are identical and used as a shared secret key. 
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Alternatively, identical portions of KEY1 and KEY2 670 and 680 may be used as the 
shared secret key or even the hash result itself. 

Of course, this is an illustrative example of the matrix authentication scheme. The 
matrix authentication scheme may be devised without the use of digital signatures. 

5 Referring to Figure 15, an illustrative embodiment of a matrix authentication 

scheme without revocation between first digital platform 120 and second digital platform 
130 is shown. In this embodiment, first digital platform 120 sends authentication request 
800 to second digital platform 130. Authentication request 800 comprises a random 
number (Rl) 810, and a key selection vector associated with first digital platform (KSV1) 
1 0 830. KEY1 840 is calculated based on KSV1 830 provided by first digital platfonn 120. 

Thereafter, second digital platform 130 provides a random number (R2) 850 and 
its selection vector (KSV2) 860 to first digital platform 120. From that, first digital 
platform 120 creates KEY2 870 and a check hash value (CV) 880. CV 880 is equivalent 
to a hash operation performed on the modular addition result of KEY2 870, Rl 810 and 

15 R2 850. CV 880 is provided to second digital platform 130 and compared with a 

resultant value of a hash of KEY1 840, Rl 810 and R2 850. If CV 880 matches the hash 
result, both KEY1 and KEY2 840 and 870 are identical. Thus, these keys 840 and 870 or 
portions thereof may be used as the shared secret key (SECKEY). Also, KEY1 and 
KEY2 may be used in combination with other data in possession by both digital 

20 platforms to produce SECKEY. 

It is contemplated that matrix key authentication is not limited to simply two 
parties. It is possible to use matrix key authorization simultaneously between three or 
more parties. This is accomplished by extending the dimensions of the key matrix held 
by the certification authority for each additional party, and the dimensions of the number 
25 of matrix keys given to the various participants. 



042390.P6526 



-17- 



WWS/wlr 



For example, in a three-way authentication scheme, a three-dimensional (3D) key 
matrix is needed where the matrix dimensions do not have to be equal. The 3D key 
matrix supports three "classes" of digital platforms, which we will refer to as Class 1, 
Class 2 and Class 3. These classes need only be something that can be differentiated 
5 between the participants of the authentication. Some examples might be (1) information 
source / intermediate information filter / information receiver; (2) information source for 
information type A, information source for information type B, information receiver; (3) 
authentication initiator, next device found to authenticate, third device to authenticate; (4) 
lowest device identification number, middle device identification number, highest device 
10 identification number, etc. The digital platforms receive secret device key sets for each 
class they might belong to. 

In this embodiment, a 4x6x8 key matrix of 192 keys is provided. The first 
dimension is of size 4 and is for Class 1. The second dimension is of size 6 and is for 
Class 2. The third dimension is of size 8 and is for Class 3. For clarity sake, matrix keys 
1 5 are labeled "K^ " where the first subscript (x) is the index of the first dimension, the 
second subscript (y) is the index of the second dimension, and the third subscript (z) is 
the index of the third dimension (Class 3). 

Platform A is of Class 1 and is assigned combination <2,3>. It receives a 6x8 
matrix of keys A^, where A^ = K 2yz + K 3yr 

20 Platform B is of Class 2 and is assigned combination <3,5,6>. It receives a 4x8 

matrix of keys B xz , where B^ - K^ 3z + + K x6z . 

Platform C is of Class 3 and is assigned combination <1,4,5,7>. It receives a 4x6 
matrix of keys C^, where C xy = K xyl + K xy4 + K^ 5 + K^ 7 . 



042390.P6526 



-18- 



WWS/wlr 



During authentication, the three digital platforms provide each other with their 
respective key selection vectors, and they subsequently combine their keys along the 
dimensions associated with the other platforms' key selection vectors. 

Platform A receives key selection vector <3,5,6> from platform B (corresponding 
5 to the first dimension of platform A's secret device key set), and key selection vector 
<1,4,5,7> from platform C (corresponding to the second dimension of its secret A keys). 
Platform A then performs arithmetic operations on its secret device key sets (AJ for y = 
3,5,6 and z = 1,4,5,7 to calculate the shared secret key (SECKEY) from the following; 

A 31 + A 34 + A 35 + A 37 + + A 54 + A 55 + A 57 + A 61 + A 64 + A 65 + A 67 - (K 231 + 

0 10 K331) + ( K 234 + K 334 ) + ( K 235 + K 335 ) + (K 237 + K 337 ) + (K 251 + K 351 ) + (K 254 + K 354 ) + (K 255 + 

1 K 355 ) + (K 257 + K 357 ) + (K 261 + K 361 ) + (K 264 + K 364 ) + (K 265 + K 365 ) + (K 267 + K, 67 ). This is 
3^. the sum of all for / = 2,3;y = 3,5,6; and k = 1 ? 4,5,7. 

J; Platform B receives key selection vector <2,3> from platform A and key selection 

!L vector <1,4,5,7> from platform C. Platform B then performs arithmetic operations on its 
W 1 5 secret device key sets (B J for x = 2,3 and z - 1 ,4,5,7 to calculate the following: B 21 + B 24 

«p + B 25 + B 27 + B 31 + B 34 + B 35 + B 37 . This is also equal to the sum of all K ijk for i = 2,3; j = 

S 3,4,5; and k= 1,4,5,7. 

Platform C receives key selection vector <2,3> from platform A and key selection 
vector <3,5,6> from platform B. Platform C then performs arithmetic operations on its 
20 secret device key sets (C^) for x = 2,3 and y = 3,5,6 to calculate the following: C 23 + C 25 
+ C 26 + C 33 +C 35 + C 36 . This is also equal to the sum of all K iJk for i = 2,3 j = 3,5,6; and k 
= 1A5,7. 

The three digital platforms have each calculated a shared secret value that they all 
agree upon. An eavesdropper cannot calculate SECKEY without knowing the secret 
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device key set of at least one of the respective devices. An interloper cannot emulate one 
of the three platforms to participate in this shared secret key formation without having 
available a set of secret device keys of the class it is emulating derived for the same key 
matrix kept secret by the certification authority. 

5 Of course, the invention described herein may be designed in many different 

methods and using many different key manipulation schemes or circuitry. While the 
present invention has been described in terms of various embodiments to facilitate 
understanding of the present invention, other embodiments may come to mind to those 
skilled in the art without departing from the spirit and scope of the present invention. The 
10 invention should, therefore, be measured in terms of the claims that follow. 
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What is claimed is: 



CLAIMS 



1 LA method comprising : 

2 providing a key matrix having N rows and M columns of matrix keys, where N^and 

3 M>2; 

4 for each column of the key matrix, performing arithmetic operations on matrix keys 

5 of at least two selected rows of the key matrix to produce a first set of secret device keys; 

6 producing a shared secret key based on arithmetic operations on selected secret device 

7 keys of the first set of secret device keys. 

1 2. The method of claim 1 , wherein the arithmetic operations include modular 

2 addition. 

1 3 . The method of claim 1 , wherein prior to performing the arithmetic operations, 

2 the method comprises: 

3 generating a key selection vector identifying the at least two selected rows of the key 

4 matrix from which to produce the first set of secret device keys. 

1 4. The method of claim 3, wherein the key selection vector is uniquely assigned 

2 to a first digital platform. 

1 5. The method of claim 4, wherein prior to producing the shared secret key, the 

2 method comprises: ^ 

3 receiving a key selection vector from a second digital platform in communication 

4 with the first digital platform; and 
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5 analyzing contents of the key selection vector from the second digital platform to 

6 determine the selected secret device keys of the first set of secret device keys. 

1 6. The method of claim 1 , wherein prior to performing arithmetic operations on 

2 keys of at least two selected rows, the method further comprises: 

3 dedicating the rows of the key matrix to a first classification; and 

4 dedicating the columns of the key matrix to a second classification. 

1 7. The method of claim 6, wherein the first classification includes digital 

2 platforms designed to provide information to other digital platforms. 

1 8. The method of claim 7 ?v wherein the second classification includes digital 

2 platforms designed to receive information from other digital platforms. 

1 9. The method of claim 1 , wherein the producing of the shared secret key 

2 comprises: 

3 analyzing contents of an incoming key selection vector; and 

4 performing arithmetic operations of the selected secret device keys located in 

5 columns of the key matrix identified by the contents of the incoming key selection vector. 

1 10. The method of claim 9, wherein the producing of the shared secret key further 

2 comprises: ^ 

3 performing a hash operation on results of the arithmetic operations of the selected 

4 secret device keys located in the column of the key matrix identified by the contents of the 

5 incoming key selection vector. 

1 1 1 . A method comprising: 
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2 providing a key matrix having N rows and M columns of matrix keys, where N>2 and 

3 M>2; 

4 for each row of the key matrix, performing arithmetic operations on matrix keys of at 

5 least two selected columns of the key matrix to produce a first set of secret device keys; 

6 producing a shared secret key based on arithmetic operations on selected secret device 

7 keys of the first set of secret device keys. 

1 12. The method of claim 1 1, wherein the arithmetic operations include modular 

2 addition. *~ 

1 13. The method of claim 1 1 , wherein prior to performing the arithmetic 

2 operations, the method comprises: 

3 generating a key selection vector identifying the at least two selected rows of the key 

4 matrix from which to produce the first set of secret device keys. 

1 14. The method of claim 13, wherein the key selection vector is uniquely assigned 

2 to a first digital platform. 

1 15. The method of claim 1 4, wherein prior to producing the shared secret key, the 

2 method comprises: — ~ 

3 receiving a key selection vector from a second digital platform in communication 

4 with the first digital platform; and 

5 analyzing contents of the key selection vector from the second digital platform to 

6 determine the selected secret device keys of the first set of secret device keys. 

1 16. The method of claim 1 , ^herein prior to performing arithmetic operations on 

2 keys of at least two selected columns, the method further comprises: 
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3 dedicating the rows of the key matrix to a first classification; and 

4 dedicating the columns of the key matrix to a second classification. 

1 17. The method of claim 1 1, wherein the producing of the shared secret key 

2 comprises: 

3 analyzing contents of an incoming key selection vector; and 

4 performing arithmetic operations of the selected secret device keys located in rows of 

5 the key matrix identified by the contents of the incoming key selection vector. 

1 18. The method of claimJJ^wherein the producing of the shared secret key 

2 further comprises: 

3 performing a hash operation on results of the arithmetic operations of the selected 

4 secret device keys located in the rows of the key matrix identified by the contents of the 

5 incoming key selection vector. 

1 1 9. A machine readable medium having embodied thereon a computer program 

2 for processing by a first digital platform including memory containing the computer program 

3 comprising: 

4 an authentication function to recover an incoming key selection vector and to 

5 compute a shared secret key based on a set of secret device keys stored in the first digital 

6 platform and the contents of the incoming key selection vector; 

7 a transfer function to output at least a key selection vector assigned to the first digital 

8 platform; 

9 a hash function to perform a hash operation on at least the shared secret key to 

1 0 produce a resultant hash value; and 

11 a comparison function to compare the resultant hash value with an incoming check 

12 hash value received subsequent to the transmission of the key selection vector. 
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1 20. A network comprising: 

2 a first digital platform; and 

3 a certification authority in communication with the first digital platform, the 

4 certification authority having access to a key matrix featuring matrix keys arranged in 

5 accordance with at least a first dimension and a second dimension, generating a first key 

6 selection vector and providing a first set of secret device keys produced from selected matrix 

7 keys of the key matrix. 

1 2 L The network of clajmJH) further comprising : 

2 a second digital platform in communication with the certification authority and the 

3 first digital platform, the second digital platform being uniquely assigned a second key 

4 selection vector indicating at least two grids of the key matrix and a second set of secret 

5 device keys produced from matrix keys situated in at least two grids of the key matrix. 

1 22. The network of claim^L wherein the first and second digital platforms to 

2 exchange the first and second key selection vectors in order for each digital platform to 

3 produce a shared secret key to ensure that communications between the first and second 

4 digital platforms are secure. 

1 23. A certification authority comprising: 

2 a memory to store a key matrix having N rows and M columns of matrix keys, where 

3 N>2 and M>2; 

4 a logic to generate a key selection vector for each digital platform registered with the 

5 certification authority. 
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1 

2 



unit. 



24. 



The certification authority of claim 23 , wherein the logic includes a processing 



1 25 . The certification authority of claim 24, wherein the processing unit produces a 

2 first set of secret device keys by performing arithmetic operations on matrix keys along 

3 selected columns of the key matrix identified by the key selection vector to provide a first set 

4 of secret device keys to a digital platform. 

1 26. The certification authority of claim 25, wherein the matrix keys along the 

2 processing unit performs arithmetic operations on^matrix keys along selected rows of the key 

3 matrix identified by the key selection vector to provide a first set of secret device keys to a 

4 digital platform. 

1 27. The certification authority of claim 23, wherein the matrix keys are only 

2 known by the certification authority. 
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ABSTRACT OF THE INVENTION 



A method for formation of a shared secret key using a key matrix and a corresponding 
authentication protocol are described. The shared secret key formation scheme is a method in 
which sets of secret device keys are formed from arithmetic operations on matrix keys of a 
key matrix. The contents of the key matrix are held in confidence by the certification 
authority. The selection of which matrix keys to use is based on a key selection vector 
assigned by the certification authority. From the secret device keys, a shared secret key may 
be formed in accordance with a selected authentication protocol. 
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Choi, 43,324; Thomas 3VL Coester, 39,637; Roland B. Cortes, 39,152; Barbara B. Courtney, P 42,442; Michael A. 
DeSanctis, 39,957; Daniel M. DeVos, 37,813; Robert A. Diehl, P 40,992; Tarek N. Fahmi, 41,402; James Y. Go, 40,621; 
Richard L. Gregory, Jr., P 42,607; Dinu Gruia, P 42,996; David R. Halvorson, 33,395; Thomas A. Hassing, 36,159; James 
A. Henry (patent agent), 41,064; Willmore F. Holbrow III, 41,845; George W. Hoover, 32,992; Eric S. Hyman, 30,139; Dag 
H. Johansen, 36,172; William W. Kidd, 31,772; Michael J. Mallie, 36,591; Paul A. Mendonsa, P 42,879; Darren J. Milliken, 
P 42,004; Thinh V. Nguyen, 42,034; Kimberley G. Nobles, 38,255; Michael A. Proksch, P 43,021; Babak Redjaian, 
42,096; James H. Salter, 35,668; William W. Schaal, 39,018; James C. Scheller , 31,195; Anand Sethuraman, 43,351; 
Charles E. Shemwell, 40,171; Maria E. Sobrino, 31,639; Stanley W. Sokoloff, 25,128; Allan T. Sponseller, 38,318; Judith 
A. Szepesi, 39,393; Vincent P. Tassinari, 42,179; Edwin H. Taylor, 25,129; George G. C. Tseng, 41,355; Lester J. Vincent, 
31,460; John P. Ward, 40,216; Stephen Warhola, P 43,237; Charles T. J. Weigell, 43,398; Ben J. Yorks, 33,609; Norman 
Zafman , 26,250; my attorneys; and Amy M. Armstrong, Reg. No. P42,265; Robert Andrew Diehl, Reg. No. P40,992; and 
Edwin A. Sloane, Reg. No. 34,728; my patent agents, of BLAKELY, SOKOLOFF, TAYLOR & ZAFMAN, LLP with 
offices located at 12400 Wilshire Boulevard, 7th Floor, Los Angeles, California 90025, telephone (714) 557-3800, and 
Joseph R. Bond, Reg. No. 36,458; Richard C. Calderwood, Reg. No. 35,468; Sean Fitzgerald, Reg. No. 32,027; Naomi 
Obinata, Reg. No. 39,320; Thomas C. Reynolds, Reg. No. 32,488; Steven P. Skabrat, Reg. No. 36,279; Howard A. Skaist, 
Reg. No. 36,008; Steven C. Stewart, Reg. No. 33,555; Raymond J. Werner, Reg. No. 34,752; and Charles K. Young, Reg. 
No. 39,435; my patent attorneys, of INTEL CORPORATION with full power of substitution and revocation, to prosecute 
this application and to transact all business in the Patent and Trademark Office connected herewith. 



Send correspondence to William W. SchaaL Reg. No. 39. 018 . BLAKELY, SOKOLOFF, TAYLOR & 

(Name of Attorney or Agent) 
ZAFMAN LLP, 12400 Wilshire Boulevard, 7th Floor, Los Angeles, California 90025 and direct telephone 
calls to William W. Schaal. Reg. No. 39. 018 . (714) 557-3800. 
(Name of Attorney or Agent) 

I hereby declare that all statements made herein of my own knowledge are true and that all statements made on 
information and belief are believed to be true; and further that these statements were made with the knowledge 
that willful false statements and the like so made are punishable by fine or imprisonment, or both, under Section 
1001 of Title 18 of the United States Code and that such willful false statements may jeopardize the validity of 
the application or any patent issued thereon. 



INTEL CORPORATION 

Rev. 12/1 1/96 (D3 INTEL) cak 



-2- 



DocketNo. 042390.P6526 



Full Name of SoleMrst Inventor (given na*^famiiy name) David A, Lee 



Inventor's Signature (_ ^ QX^kl^c^ Date 3^2/?^ 

Residence Beaverton, Oregon USA Citizenship USA 



( City , State ) ( Country) 

P. (X Address 740 SW Willow Creek Drive 

Beaverton, Oregon 97006 USA 

Full Name of Second/Joint Inventor (given name, family name) 



Inventor's Signature Date 



Residence Citizenship 

(City , State) (Country) 

P. O. Address 



Full Name Of Third/Joint Inventor (given name, family name) 



Inventor's Signature Date 



Residence Citizenship 

(City, State) (Country) 

P. O. Address 



Full Name of Fourth/Joint Inventor (given name, family name) 



Inventor's Signature Date 



Resi dence Citizenship 

(City, State) (Country) 

P. O. Address 
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